Invention Grant
- Patent Title: Systems and methods for detecting covert DNS tunnels
- Patent Title (Chinese): Systems and methods for detecting covert DNS tunnels (检测隐蔽DNS隧道的系统和方法)
- Application No.: US12873553
- Application Date: 2010-09-01
- Publication No.: US09003518B2
- Publication Date: 2015-04-07
- Inventor: Daniel Wyschogrod , David Patrick Mankins
- Applicant: Daniel Wyschogrod , David Patrick Mankins
- Applicant Address: US MA Cambridge
- Assignee: Raytheon BBN Technologies Corp.
- Current Assignee: Raytheon BBN Technologies Corp.
- Current Assignee Address: US MA Cambridge
- Agency: Ropes & Gray LLP
- Main IPC: G06F12/14
- IPC: G06F12/14 ; H04L29/06 ; H04L29/12

Abstract:
Systems and methods are disclosed for detecting covert DNS tunnels using n-grams. The majority of legitimate DNS requests originate from network content itself, for example through hyperlinks in websites. Comparing data from incoming network communications to the hostname included in a DNS request can therefore indicate whether the DNS request is a legitimate request or is associated with a covert DNS tunnel. This process can be made computationally efficient by extracting n-grams from incoming network content and storing the n-grams in an efficient data structure, such as a Bloom filter. The stored n-grams are compared with n-grams extracted from outgoing DNS requests. If n-grams from an outgoing DNS request are not found in the data structure, the domain associated with the DNS request is determined to be associated with a suspected covert DNS tunnel.
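The detection pipeline the abstract describes, as an added Python example that is not code from the patent or its assignee: character n-grams from inbound content are recorded in a Bloom filter, and each outbound DNS query name is scored by the share of its n-grams the filter has never seen. The n-gram length (4), the SHA-256-based hash scheme, the 0.5 threshold and the sample HTML are all assumptions made for the illustration.

```python
import hashlib


class BloomFilter:
    """Bit array with k hash positions per item: no false negatives, rare false positives."""
    def __init__(self, size_bits=1 << 20, num_hashes=4):
        self.size, self.num_hashes = size_bits, num_hashes
        self.bits = bytearray(size_bits // 8)

    def _positions(self, item):
        # Slice one SHA-256 digest into independent 32-bit indices (assumed hash scheme).
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        for i in range(self.num_hashes):
            yield int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.size

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


def ngrams(text, n=4):
    """Set of overlapping character n-grams, case-folded so query names match page text."""
    text = text.lower()
    return {text[i:i + n] for i in range(len(text) - n + 1)}


def index_incoming_content(bloom, content, n=4):
    """Record every n-gram seen in inbound content (e.g. an HTML page) in the filter."""
    for gram in ngrams(content, n):
        bloom.add(gram)


def unseen_fraction(bloom, hostname, n=4):
    """Share of the queried hostname's n-grams that never appeared in inbound content."""
    grams = ngrams(hostname, n)
    if not grams:
        return 0.0
    return sum(1 for g in grams if g not in bloom) / len(grams)


def is_suspected_tunnel(bloom, hostname, n=4, threshold=0.5):
    """Flag a query whose n-grams mostly lack any origin in observed content (assumed threshold)."""
    return unseen_fraction(bloom, hostname, n) >= threshold


# Constructed sample: one inbound page whose links name the hosts a client would later resolve.
SAMPLE_HTML = ('<a href="http://www.example.com/news">News</a>'
               '<img src="https://cdn.example.com/logo.png">')
FILTER = BloomFilter()
index_incoming_content(FILTER, SAMPLE_HTML)
```

A query for `www.example.com` scores 0.0 because every one of its n-grams occurred in the page, whereas an encoded label such as `k3j9fz2q8x.tunnel.example.com` leaves most of its n-grams unmatched and is flagged.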
Public/Granted literature
- US20120054860A1 SYSTEMS AND METHODS FOR DETECTING COVERT DNS TUNNELS, published 2012-03-01